<?php

	session_start();	
	include('./conn/conn.php');
	if(isset($_POST['submit'])&&$_POST['submit']=="登录"){
//		$code=$_POST['code'];
		
//		if(strtolower($code)==strtolower($_SESSION['yzm']))
		{
					sleep(2);
			$username=$_POST['username'];
			$password=$_POST['password'];
			$sql="SELECT * FROM tb_userlist WHERE userno='".$username."'";		
			$result=mysqli_query($link, $sql);	
			$rows=mysqli_fetch_array($result);
			if($rows){
				$_SESSION['jsjgcxusername']=$username;
					
				$tmp_password=$rows['passwd'];		
				if($tmp_password==md5($password)){
					
					$_SESSION['islogin']=TRUE;
					
			//删除旧登录记录
//			$delete_log="delete from tb_loginlog where (select count(username) from tb_loginlog   
//)> 10 and username in (select username from tb_loginlog order by time desc limit (select count(username) from tb_loginlog) offset 10 ) " ;		
//			$delete_log = mysqli_query($link, $delete_log);			
//					
			//写入登录日志
					
		$iptime = gmdate("Y-m-d H:i", time() + 8 * 3600);
		if (isset($_SERVER['HTTP_CLIENT_IP'])) {
			$clientip = $_SERVER['HTTP_CLIENT_IP'];
		} elseif (isset($_SERVER['HTTP_X_FORWARD_FOR'])) {
			$clientip = $_SERVER['HTTP_X_FORWARD_FOR'];
		} else {
			$clientip = $_SERVER['REMOTE_ADDR'];
		}
			
		$insert_log = "insert into tb_loginlog(IP,username,time) values('" . $clientip . "','" . $username . "','" . $iptime . "')";
					$insert_log = mysqli_query($link, $insert_log);	
					  echo '{"status":true,"data":"登录成功！","url":"index.php"}';
				}else{
					 echo '{"status":false,"data":"用户名或密码错误"}';
					exit;
				}
			}else{
					 echo '{"status":false,"data":"用户名或密码错误"}';
					exit;
			}
			
			
		}
//		else{
//			echo'<script language="JavaScript">alert("验证码出错");window.history.back();</script>';
//					exit;
//		}
		
		
	}else{
		echo '<script language="JavaScript">

	window.location.href="./login.html";</script>';
	exit;
	//	alert("请先登录");
}
?>
